Its 5pm on a Friday, everyone is ready to go home for the weekend. An urgent email comes in from the CEO, requesting an immediate fund transfer of hundreds of thousands of dollars. Don't click 'OK' just yet - you might be getting whaled.
In this talk, we will examine the various aspects of one of the most successful, large-scale whaling campaigns currently affecting businesses. We'll start by examining the emails, context, and domains used by the attackers to trick employees. We will also look at the various documents used to trick companies, and how to potentially detect them in your network. But it gets better - using past research and publicly-available tools, we're going to profile a whaling campaign that stretches across dozens of victims, and hundreds of millions of dollars. We'll present research spanning over two years across the globe, involving banks from North Carolina to Hong Kong. Lastly, we're going to examine how this evidence led to a recent arrest of one of these scam artists.
Attendees will learn how to utilize open tools to hunt for related malware, documents, and threat actors. They will also learn how to expand knowledge of TTPs into their environment to protect against massive losses such as highly-successful whaling campaigns.

Matt has experience in incident response, digital forensics, threat intelligence, and network security monitoring. His skills include disk, database, and network forensics, incident response/triage, and network security monitoring. He is passionate about learning, sharing with others, and working on open source tools.
When not jamming with the console cowboys in cyberspace, Matt can be found with his new daughter, wife, 2 dogs, and sometimes hidden in a cloud of sweet, delicious smoke of a Texas BBQ pit.